Should we verify minimal dependency versions
epage opened this issue · 6 comments
epage commented
cargo has an unstable flag to calculate dependencies using the minimum rather than the maximum version. This verifies that Cargo.toml
s are not stale.
epage commented
The downside is the brittleness of dependencies if they aren't also verifying it.
jonhoo commented
I think this should be an opt-in stage. Not sure what Rust version it should be run on (does it require nightly atm?).
epage commented
I think you can use unstable flags without nightly but I'm unsure. I at least do it with libtest's json output.
epage commented
As for best practices, I am unsure. I've seen discussions around this but haven't adopted it myself (yet). I've been tempted to adopt it due to minrust issues.
jonhoo commented
Relevant: rust-lang/api-guidelines#123